Hi Karthik,

It may well be true that some (typically unauthenticated) application
protocols on top of TLS can survive TLS compression, but it is
unlikely.
[...]
HTTP is a particularly bad case because the attacker can potentially
inject arbitrary data before (and after) the secret. With NNTP you
may escape the worst of this adversary, but you probably won’t find
any TLS expert willing to say that compressing the password is ok.

OK, many thanks for the illustration!

So in fact, to be safer, authentication commands should either be sent uncompressed or be more complex than they currently are (for instance with the insertion of random data with random length along with the authentication command).

If TLS 1.3 is used, so without compression facility, adding a new COMPRESS command to NNTP will not help if how authentication is done is not strengthened at the same time, will it?
Or AUTHINFO is not a valid command after the use of COMPRESS.

--
Julien ÉLIE

« Etna: lava rushing down. »

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
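An added illustration of the length side channel Karthik describes and of the "send authentication commands uncompressed" option raised in the reply. This is example code written for this page, not code from the thread or from any NNTP or TLS implementation: zlib's DEFLATE stands in for TLS-level compression, the session text, the password and the guesses are all constructed, and the function names are the example's own.

```python
import zlib

# Constructed example: an NNTP session whose compressed stream carries both
# attacker-influenced text (say, a reflected header or article body) and the
# client's AUTHINFO PASS command. The password and the guesses are made up.
SECRET_PASSWORD = "hunter2"  # constructed secret, not taken from the thread


def record_size(attacker_text: str, password: str, compress_auth: bool) -> int:
    """Size in bytes of one compressed record.

    DEFLATE via zlib stands in for TLS-level compression. With compress_auth
    set, the AUTHINFO line shares the compressor with the attacker-influenced
    text; otherwise the command bypasses the compressor and is appended raw,
    modelling "send authentication commands uncompressed".
    """
    auth_line = f"AUTHINFO PASS {password}\r\n".encode()
    body = attacker_text.encode()
    if compress_auth:
        return len(zlib.compress(body + auth_line, 9))
    # Mitigation modelled here: the authentication command never enters the
    # compressor, so its bytes cannot be matched against the attacker's text.
    return len(zlib.compress(body, 9)) + len(auth_line)


def length_signal(correct_prefix: str, wrong_prefix: str,
                  password: str = SECRET_PASSWORD,
                  compress_auth: bool = True) -> int:
    """Bytes saved when the attacker-influenced text repeats a true prefix of
    the password compared with a wrong one.

    A positive value is the leak: someone who only sees ciphertext lengths can
    tell the two records apart, which is exactly why compressing the password
    alongside attacker-controlled data is not considered safe.
    """
    right = record_size(f"AUTHINFO PASS {correct_prefix}", password, compress_auth)
    wrong = record_size(f"AUTHINFO PASS {wrong_prefix}", password, compress_auth)
    return wrong - right


if __name__ == "__main__":
    # With the AUTHINFO line compressed, the matching prefix produces a
    # shorter record; with it sent uncompressed, both records are the same size.
    print("compressed auth, bytes leaked:", length_signal("hunt", "xyzw"))
    print("uncompressed auth, bytes leaked:",
          length_signal("hunt", "xyzw", compress_auth=False))
```

Running the script shows a positive byte difference for the compressed case and zero once the AUTHINFO line bypasses the compressor. The same comparison can be used as a quick check on any protocol design that mixes a static secret with peer-influenced data inside one compression context: if two inputs that differ only in how much of the secret they repeat yield different compressed sizes, the secret is observable from the wire.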